NSE4 | Fortinet NSE4 Exam Dumps 2019
Act now and download your today! Do not waste time for the worthless tutorials. Download with real questions and answers and begin to learn with a classic professional.
Online NSE4 free questions and answers of New Version:
NEW QUESTION 1
Which of the following statements are true regarding WAN Link Load Balancing? (Choose two).
- A. There can be only one virtual WAN Link per VDOM.
- B. FortiGate can measure the quality of each link based on latency, jitter, or packets percentage.
- C. Link health checks can be performed over each link member if the virtual WAN interface.
- D. Distance and priority values are configured in each link member if the virtual WAN interface.
NEW QUESTION 2
A static route is configured for a FortiGate unit from the CLI using the following commands:
config router static edit 1
set device “wan1” set distance 20
set gateway 192.168.100.1 next
Which of the following conditions are required for this static default route to be displayed in the FortiGate unit's routing table? (Choose two.)
- A. The administrative status of the wan1 interface is displayed as down.
- B. The link status of the wan1 interface is displayed as up.
- C. All other default routers should have a lower distance.
- D. The wan1 interface address and gateway address are on the same subnet.
NEW QUESTION 3
Which traffic can match a firewall policy's "Services" setting? (Choose three.)
- A. HTTP
- B. SSL
- C. DNS
- D. RSS
- E. HTTPS
NEW QUESTION 4
Review the IPsec phase 2 configuration shown in the exhibit; then answer the question below.
Which statements are correct regarding this configuration? (Choose two.)
- A. The Phase 2 will re-key even if there is no traffic.
- B. There will be a DH exchange for each re-key.
- C. The sequence number of ESP packets received from the peer will not be checked.
- D. Quick mode selectors will default to those used in the firewall policy.
NEW QUESTION 5
Which two methods are supported by the web proxy auto-discovery protocol (WPAD) to automatically learn the URL where a PAC file is located? (Choose two.)
- A. DHCP
- B. BOOTP
- C. DNS
- D. IPv6 autoconfiguration.
NEW QUESTION 6
If you enable the option "Generate Logs when Session Starts", what effect does this have on the number of traffic log messages generated for each session?
- A. No traffic log message is generated.
- B. One traffic log message is generated.
- C. Two traffic log messages are generated.
- D. A log message is only generated if there is a security event.
NEW QUESTION 7
What are the requirements for a HA cluster to maintain TCP connections after device or link failover? (Choose two.)
- A. Enable session pick-up.
- B. Enable override.
- C. Connections must be UDP or ICMP.
- D. Connections must not be handled by a proxy.
NEW QUESTION 8
A client can create a secure connection to a FortiGate device using SSL VPN in web-only mode. Which one of the following statements is correct regarding the use of web-only mode SSL VPN?
- A. Web-only mode supports SSL version 3 only.
- B. A Fortinet-supplied plug-in is required on the web client to use web-only mode SSL VPN.
- C. Web-only mode requires the user to have a web browser that supports 64-bit cipher length.
- D. The JAVA run-time environment must be installed on the client to be able to connect to a web-only mode SSL VPN.
NEW QUESTION 9
Examine the following output from the diagnose sys session list command:
Which statements are true regarding the session above? (Choose two.)
- A. Session Time-To-Live (TTL) was configured to 9 seconds.
- B. FortiGate is doing NAT of both the source and destination IP address on all packets coming from the 192.168.1.110 address.
- C. The IP address 192.168.1.110 is being translated to 172.17.87.16.
- D. The FortiGate is not translating the TCP port numbers of the packets in this session.
NEW QUESTION 10
Which of the following statements are true about IPsec VPNs? (Choose three.)
- A. IPsec increases overhead and bandwidth.
- B. IPsec operates at the layer 2 of the OSI model.
- C. End-user's network applications must be properly pre-configured to send traffic across the IPsec VPN.
- D. IPsec protects upper layer protocols.
- E. IPsec operates at the layer 3 of the OSI model.
NEW QUESTION 11
Which of the following combinations of two FortiGate device configurations (side A and side B), can be used to successfully establish an IPsec VPN between them? (choose two)
- A. Side A:main mode, remote gateway as static IP address, policy based VP
- B. Side B: aggressive mode, remote Gateway as static IP address policy-based VPN.
- C. Side A:main mode, remote gateway as static IP address, policy based VP
- D. Side B: main mode, remote gateway as static IP address, route-based VPN
- E. Side A:main mode, remote gateway as static IP address, policy based VP
- F. Side B: main mode, remote gateway as dialup, route-based VPN.
- G. Side A: main mode, remote gateway as dialup policy based VPN, Side B: main mode, remote gateway as dialup, policy based VPN.
NEW QUESTION 12
Which correctly define "Section View" and "Global View" for firewall policies? (Choose two.)
- A. Section View lists firewall policies primarily by their interface pairs.
- B. Section View lists firewall policies primarily by their sequence number.
- C. Global View lists firewall policies primarily by their interface pairs.
- D. Global View lists firewall policies primarily by their policy sequence number.
- E. The 'any' interface may be used with Section View.
NEW QUESTION 13
In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit?
- A. Request: internal host; slave FortiGate; master FortiGate; Internet; web server.
- B. Request: internal host; slave FortiGate; Internet; web server.
- C. Request: internal host; slave FortiGate; master FortiGate; Internet; web server.
- D. Request: internal host; master FortiGate; slave FortiGate; Internet; web server.
NEW QUESTION 14
Which are the three different types of Conserve Mode that can occur on a FortiGate device? (Choose three.)
- A. Proxy
- B. Operating system
- C. Kernel
- D. System
- E. Device
NEW QUESTION 15
Which best describe the mechanism of a TCP SYN flood?
- A. The attacker keeps open many connections with slow data transmission so that other clients cannot start new connections.
- B. The attacker sends a packet designed to "sync" with the FortiGate.
- C. The attacker sends a specially crafted malformed packet, intended to crash the target by exploiting its parser.
- D. The attacker starts many connections, but never acknowledges to fully form them.
NEW QUESTION 16
Which two statements are true about IPsec VPNs and SSL VPNs? (Choose two.)
- A. SSL VPN creates a HTTPS connectio
- B. IPsec does not.
- C. Both SSL VPNs and IPsec VPNs are standard protocols.
- D. Either a SSL VPN or an IPsec VPN can be established between two FortiGate devices.
- E. Either a SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device.
Recommend!! Get the Full NSE4 dumps in VCE and PDF From Surepassexam, Welcome to Download: https://www.surepassexam.com/NSE4-exam-dumps.html (New 301 Q&As Version)